Hi
Can someone tell me if it's possible to require strong encryption like TLS
except from one IP address?

Not exactly. The "require" directive doesn't have that level of granularity,
but you can use ACLs to restrict access. In that case, a user would be able to
connect without TLS, but wouldn't be able to access anything.